Hacker News

tw04, last Sunday at 5:08 AM

A VPN? Yes, by definition. Zero trust requires that every connection is authenticated and users are only granted access to the app they request. They never “connect to the network” - something brokers that connection to the app in question.

VPN puts a user on the network and allows a bad actor to move laterally through the network.


Replies

raesene9, last Sunday at 7:32 AM

It doesn't have to. There's nothing to stop you using a VPN as an initial filter to reduce the number of people who have access to a network and then properly authenticating and authorizing all access to services after that.

In fact, I'd say it is a good defence-in-depth approach, which comes at the cost of increased complexity.
